Devel can't start a session

Exploit :- ms09_053_ftpd_nlst
[] Started reverse TCP handler on 10.10.14.37:4444
[
] 257 "MNDDACWWDP" directory created.
[] 250 CWD command successful.
[
] Creating long directory...
[] 451 No mapping for the Unicode character exists in the target multi-byte code page.
[
] 200 PORT command successful.
[] Trying target Windows 2000 SP3 English (IIS 5.0)...
[
] 451 No mapping for the Unicode character exists in the target multi-byte code page.
[*] Exploit completed, but no session was created.

Any help?

Comments

  • You dont need this exploit :)

    stylish

  • The always obvious "Try Harder" comes to mind, but seriously, try another approach. This exploit isn't the one you want.

    SnakeMind

  • @Stylish @SnakeMind Okay i came up without another script but it fails authentication yet again .. any help?
    Script :- https://blog.rootshell.be/wp-content/uploads/2009/08/IIS-FTP.nse

  • to get in ftp u will not need any script. Just basic thinking. More I cannot say without spoiling...

    SnakeMind

  • Some helpful advice for the future, Metasploit doesn't have the solution for all the labs. Don't panic.. just look at the services that you are scanning and just have a quick google at how they work.

    W4K3Y

  • try to check what you are actually attacking, and google that :)

    SnakeMind

  • There is no need for metasploit to get into ftp, just a google search and basic thinking.

    SirenCeol

  • Try harder

    stylish

  • If you still dont understand pm me i will try help you without spoil

    stylish

  • Okay after fiddling around i am able to get to the ftp and i planted a .aspx but when i try to run that script it opens code in the browser instead of working.

  • I've noticed a couple of threads here where you seem to ask for help too soon. The catch-call for Offensive Security is "try harder", for very good reason. If you ask here, and you get help, what did you learn? Just that exploit, if that? This industry / hobby / whatever it is to you is about persistence. It's not uncommon to spend -days- on a single task for a box. You will often feel like you're trying the same thing over and over, but through your persistence you will learn.

    Please, can we not develop a habit of giving out hints here and in the slack channel. It just ruins the journey for people and waters down a process that should be hard won to maximize what you learn. If you get stuck then pull apart your enumeration, work out what is running on a box, identify the weak points in your knowledge and start learning about them - then re-review. You'll be surprised how much you learn, and more often than not the path to a solution will become clearer to you.

    And with that in mind:

    Try harder!

  • @codingo thanks a tons I'll try harder :)
  • @CodingKarma Thanks for the helpful hints dude, the OWASP website also contains a long comprensive list of attacks "https://www.owasp.org/index.php/Category:Attack" combined with code examples for users to test against their assets. Also think that the vuln hub writeups are useful ?

  • @teshy09 the write ups are defo the best way to learn new tips and tricks

Sign In to comment.